‘We’ve created a privacy industry’ was a statement you could often hear when Europe introduced General Data Protection Regulations (GDPR) and the German implementation DatenSchutz GrundVerOrdnung (DSGVO). Already back in 2016 first predictions arrived, that GDPR will boost European software industry and give them a uniqueselling point. After the regulation became effective in Europe May 25th 2018(!), after a 2 years transition period, perceived only complaints happened. Affected data controllers and processors cited the difficulties implementing these regulations. A BitKom funded survey even indicates the regulation is hurting the European market.
Now, around 1.5years later, the industry seems to have settled on the regulation and business continues as usual. Subjectively perceived, privacy is indeed still an obstacle to decision makers in the market. Even politicians keep on imploring data to be the new oil, demanding a data driven economy and to weakend the underlying ideas of european data protection acts. Meanwhile, the opportunity has moved along. Californian Start-Ups discovered this niche and turn privacy it into value:
Privacy-focused technology companies are offering a variety of services, from personal data scrubbing to business-focused software meant to help companies comply with the law.
Off Facebook Activity is a tool, that let’s Facebook users see which sites they used outside of Facebook. The tool is as creepy as you would think it would be. Facebook, through it’s like buttons and other embeds, has sheer unlimited insight into personal browsing behaviour.
In an attempt by the company to create more transparency, it discloses how much curiosity in a negative sense is driving the social network in trying to understand their audience. And actually sell this gained knowledge to their customers.
The release of Off Facebook Activity a reminder we are living in an increasingly connected world that is watching us. There is entirely no point for any company to collect this type of data outsire of making us a product.
The Washington Post writes about how creepy and scary this feature is, and even more important, how to work with privacy settings. While the article deals with Facebook internal settings alone, the amout of data transferred to Facebook won’t stop. At this point, you may want to consider personal privacy tools like uMatrix (for Firefox or Chrome). Or, to leverage protection for the entire network, e.g. for your family, Pi-Hole is worth taking a look, too.
Privacy in the Platform Economy: In the tracking business, access to the customers desktop was in firm hands of Google and Facebook. Until recently!
SnakeOil promises people security to get them install software that’s capable of eavesdropping ssl and all other access to a computers interaction. Quite obvious to see this is a good source to profile a users behavior. A violation of users privacy for the sake of security. You sure all read the fineprint in the anti virus software, right?
Now apparently, somebody in the SnakeOil industry figured that out. A recent leak disclosed Avast Antivirus leverages their market access to almost hald a billion user profiles and devices to package up this insight. “every search” that promises ‘Every search. Every click. Every buy. On every site.’. Of course the target audience is the same as for marketing- and tracking clients.
Automatisierte Gesichtserkennung: diese Woche is eine Recherche zu dem US Unternehmen Clearview durch die Medien gereicht worden. Die Artikel haben jeweils viel Aufmerksamkeit auf sich gezogen.
Gesichtserkennung ist das Feature, das man bereits von Fotoverarbeitungsprogrammen, Handys und sogar Sozialen Medien kennt. Für die meisten Nutzer dieser Programme oder Dienste ist das meist ein lustiges, manchmal sogar nützliches Feature. In einer großen Sammlung von Fotos schnell alle für die Geburtstagsfeier alle Freunde wiederzufinden, ist schon praktisch.
Wenn diese Funktionalität die Grenzen der privaten Nutzung überschreitet beherbergt die Anwendung große Gefahren. Zum einen handelt es sich hier im eine private Firma. Weder weiss eine betroffene Person, ob Ihr Bild in der Datenbank geführt wird, noch ist eine Kundenliste der Firma bekannt. Das bedeutet, dass die Anwendung der Datenbank ebenso unklar ist, und damit auch Missbrauchspotential eröffnet. So gab es bereits Fälle, in denen Beamte Frauen nachstellten. Eine Fotodatenbank erleichtert solche Vorhaben. Genauso, wie Regierungen und offizielle Stellen beispielsweise Videoüberwachung öffentlicher Plätze leichter auswerten können. Damit wäre denkbar, Bewegungsprofile von beispielsweise Regierungskritischen Bürgern zu erstellen.
Die Technologie bringt durch Ihren Einsatz im öffentlichen Raum eine automatisierte Verletzung von Privatsphäre der Bürgerinnen und Bürger mit sich, wie auch Ulrich Kelber, Bundesdatenschutzbeauftragter, sich äussert.
Only days after Clearview hit the news, The Economist runs an article on how the Combating Terrorism Technical Support Office (CTTSO), an agency of the US defence department, has developed another dystopian tool to identify people by their heartbeat.
The Y2038 problem is similar to the Y2K problem. We’re exactly in between both about now. Both are 18 years away, in either direction. While Y2K is over and was obvious to everyone, Y2038 is not.
The issue here relates to a representation of date and time in Unix systems, and is therefore sometimes referred to as Unix Y2K. The root is the convention to store date and time information as 32bit unsigned integer in such systems. This means, possible values are limited. Time-differences in seconds, starting from 01.Jan 1970 cannot span beyond 03:14:07 UTC on 19 January 2038.
The Y2038 problem will make all calculations beyond this date impossible, until migrated to another representation. At the time being, this seems far away. However, the problem casts its shadows already. Industries, in particular financial markets, often rely on long term forecasts.
Governance issued treasury bonds come with with the longest maturity. Often twenty years, sometimes thirty years. Calculations for complex, long running financing models easily try to estimate returns 20 years and beyond into the future. This is already beyond the problematic date that Y2038 brings. The code to run these calculations is typically complex and stable. Sometimes, it is as old as from 1970. Back then, this date-representation Unix engineers introduced this approach. 32bit covered a long period. John Femellia has a thread, over at Twitter, telling a story about the upcoming issues today.
This week in dystopia: The New York Times has an article about the next steps in dystopian future. A start-up evolving face recognition algorithms, fed by a database with facial images, scraped from the open web.
A little-known start-up helps law enforcement match photos of unknown people to their online images — and “might lead to a dystopian future or something,” a backer says.
The New York Times: The Secretive Company That Might End Privacy as We Know It
Further, the article describes the sheer size of the database. At a rate of massive duplicate numbers, three billion images is still impressive.
The system — whose backbone is a database of more than three billion images that Clearview claims to have scraped from Facebook, YouTube, Venmo and millions of other websites — goes far beyond anything ever constructed by the United States government or Silicon Valley giants.
The New York Times: The Secretive Company That Might End Privacy as We Know It
In times in which criticism of big tech is on the rise. Just this week Jannis Brühl, Head of Tech News Department at @sueddeutsche Zeitung published an opinion that this technology is dangerous and should be banned,. The article include an appeal to German government to create legislation to do so. Jannis is in good company with other tech critics like Eyvgen Morozov